/* For SUDO_PS1 -> PS1 conversion. */
if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
ps1 = *ep + 5;
+--- tmp/sudoers.pod 2010-03-11 12:28:58.000000000 -0700
++++ sudo/sudoers.pod 2010-03-11 12:29:58.000000000 -0700
+@@ -1227,6 +1227,9 @@
+
+ =item env_delete
+
++Not effective due to security issues: only variables listed in
++I<env_keep> or I<env_check> can be passed through B<sudo>!
++
+ Environment variables to be removed from the user's environment
+ when the I<env_reset> option is not in effect. The argument may
+ be a double-quoted, space-separated list or a single value without
+@@ -1240,8 +1243,8 @@
+
+ =item env_keep
+
+-Environment variables to be preserved in the user's environment
+-when the I<env_reset> option is in effect. This allows fine-grained
++Environment variables to be preserved in the user's environment.
++This allows fine-grained
+ control over the environment B<sudo>-spawned processes will receive.
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes. The list can be replaced, added
+--- a/sudo.pod
++++ b/sudo.pod
+@@ -456,8 +456,8 @@ and, as such, it is not possible for B<sudo> to preserve them.
+ To prevent command spoofing, B<sudo> checks "." and "" (both denoting
+ current directory) last when searching for a command in the user's
+ PATH (if one or both are in the PATH). Note, however, that the
+-actual C<PATH> environment variable is I<not> modified and is passed
+-unchanged to the program that B<sudo> executes.
++C<PATH> environment variable is further modified in Debian because of
++the use of the I<SECURE_PATH> build option.
+
+ B<sudo> will check the ownership of its time stamp directory
+ (F<@timedir@> by default) and ignore the directory's contents if
projects / debian / sudo / blobdiff